Latest Release of the HITRUST CSF® Integrates GDPR and New York State Cybersecurity Requirements

Home » News » Posts » Latest Release of the HITRUST CSF® Integrates GDPR and New York State Cybersecurity Requirements

This latest release is part of HITRUST’s commitment to ensure the HITRUST CSF stays relevant to the information risk management, data protection, and regulatory compliance needs of domestic and global organizations through incorporation of new standards and regulations.

HITRUST® is making the HITRUST CSF – a widely used information privacy and security framework for organizations – more open and comprehensive, so that it can be applied more effectively across a variety of global industries.

Integrating the New York State Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500) into the HITRUST CSF will enable the financial industry to leverage the framework to achieve better cybersecurity resilience and protection. The requirements for Financial Services Companies not only affects financial institutions but also healthcare organizations such as health insurers and their business associates, including those outside of New York.

HITRUST has also updated the HITRUST CSF Assurance program with formatting enhancements to the NIST Cybersecurity Scorecard.

HITRUST CSF Version 9.1 and updates to the HITRUST CSF Assurance program stay true to HITRUST’s commitment to streamline the assessment process and extend the “assess once, report many” approach as a standard security framework.